Multiple integer overflows were discovered in Xpdf, potentially resulting
in execution of arbitrary code upon viewing a malicious PDF file. CUPS
includes Xpdf code and therefore is vulnerable to the same issues.

Background

Xpdf is an open source viewer for Portable Document Format (PDF) files. The
Common UNIX Printing System (CUPS) is a cross-platform print spooler that
includes some Xpdf code.

An attacker could entice an user to open a specially-crafted PDF file,
potentially resulting in execution of arbitrary code with the rights of the
user running Xpdf. By enticing an user to directly print the PDF file to a
CUPS printer, an attacker could also crash the CUPS spooler or execute
arbitrary code with the rights of the CUPS spooler, which is usually the
"lp" user.